PT-2026-4615 · WordPress · Wp Directory Kit

Sarawut Poolkhet

Published

2026-01-24

Updated

2026-03-17

CVE-2025-13920

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions WP Directory Kit versions prior to 1.4.9

Description The WP Directory Kit plugin for WordPress has a flaw that allows unauthenticated attackers to obtain email addresses of users with specific Directory Kit user roles. This is possible through the wdk public action AJAX handler.

Recommendations Update WP Directory Kit to a version later than 1.4.9.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2025-13920

Affected Products

Wp Directory Kit

PT-2026-4615 · WordPress · Wp Directory Kit

CVE-2025-13920

Weakness Enumeration

Related Identifiers

Affected Products

References · 8